Study finds crippling
shortfall of cybersecurity workers with a predicted skills gap for Europe of
350,000 by 2022

70% of hiring managers
want to increase their workforce this year despite struggle to find qualified
talent today

1% unemployment rate
and high turnover creates disincentive to invest in training

London, 6th June 2017 – The largest-ever global
survey of over 19,000 cybersecurity professionals, (3,694 from Europe),
conducted by (ISC)2’,
reveals that European organisations are planning the fastest rate of
cybersecurity hiring in the world, with 38%
of hiring managers in the region wanting to grow their workforce by at least 15%
in the next year. This is despite the fact that two-thirds of
organisations state that they currently have too few cybersecurity workers, as
the region faces a projected skills gap of 350,000 workers by 2022.

The
report calls for employers to do more to embrace newcomers and a changing
workforce, as 92% of hiring managers admit they prioritise previous
cybersecurity experience when choosing candidates, and that most recruitment
comes from their own professional networks. Hiring managers identified that they are relying on their social and
professional networks (48%), followed closely by their organisation’s HR
department (47%), as their primary source of recruitment.

The latest report, Benchmarking Workforce Capacity and Response to Cyber Risk,
released from the 2017 Global Information Security Workforce Study, the 8th
Edition of the study, which has been running since 2004, offers a deep dive into
the growing cybersecurity skills gap. It shows that strong recruitment targets,
a shortage of talent, and disincentives to invest in training are contributing to
the skills shortage with 70% of employers around the globe looking to increase
the size of their cybersecurity staff this year. The demand is set against a broad range of
security concerns which continue to develop at pace, with the threat of data
exposure clearly identified as today’s top security concern amongst
professionals around the world. Concern over data exposure reflects the advent
of new regulations aimed at enhancing data protection around the world,
including Europe’s General Data Protection Regulation to be in force by May 2018.
The Study was conducted by Frost & Sullivan for the Center for Cyber Safety
and Education, with the support of (ISC)², Booz Allen Hamilton and
Alta Associates.

The report describes a revolving door of scarce, highly
paid workers amidst a non-existent unemployment rate of just 1% in Europe.
Organisations are struggling to retain their staff, with 21% of the global
workforce stating they have left their jobs in the past year, and facing high
salary costs, with 33% of the workforce in Europe in particular making over
$100,000 USD / EUR 95,000 / GBP 78,000 per year.

“The combination of virtually non-existent unemployment, a shortage of workers, the expectation of high salaries, and high staff turnover that only increases among younger generations createsboth a disincentive to invest in training and development and a conundrum for prospective employers: how to hire and retain talent in such an environment?” states the report.

Recruitment
and professional development strategies must change

Recommends made suggest that organisations adapt
their approach to recruitment and draw from a broader pool of talent. This is
backed by findings that show workers with non-computing related backgrounds,
account for nearly a fifth of the current workforce in Europe and that they
hold positions at every level of practice, 63% at manager or above.

It also highlights a mismatch between the skills
recruiters are looking for and workers’ priorities for developing a successful
career, suggesting skills sets may not be keeping pace with requirements. Currently,
the top two skills workers are prioritising include ‘cloud computing and
security’ (60%) and ‘risk assessment and management’ (41%), while employers
prioritise looking for communication (66%) and analytical skills (59%). Only
25% and 20 % of workers are prioritising communication and analytical skills
respectively.

Key
recommendations include:

Looking
beyond Social and Professional networks as the
main channel of recruitment. to open doors for new, younger and more diverse talent.

Accepting
the need to Invest in development and training: More
talent is needed to stem the high levels of movement on job markets.

Better
Communication of current employer requirements: Workers
prioritise different skills for their professional development than what
employers look for in the workforce

Embracing
a broader talent pool: Individuals with non-technical backgrounds often
rise to become key decision makers, with 30% of Directors, Executive Management
and C-suite professionals in Europe beginning in non-technical careers.

Adrian
Davis, Managing Director, EMEA at (ISC)² said:
“There are real structural concerns hampering the development of the job market
today that must be addressed. It is particularly concerning that employers
appear reluctant to invest in their workforce and are unwilling to hire
less-experienced candidates. If we cannot be prepared to develop new talent, we
will lose our ability to protect the economy and society.”

Jarad
Carleton, Principal Consultant, Frost & Sullivan said: Businesses cannot afford to ignore investing in training and
development programmes for their workforces. Those that do so will become much
easier potential targets for cyber criminals and risk facing high profile hacks
similar to those we have seen in recent weeks. Europe has traditionally been
strong at investing in its workforce, and must continue to provide regular
training and recruit from non-technical backgrounds to help ease the skills
shortage. We predict the skills gap to become much more acute in the coming
years if businesses fail to do so.

Mahbubul Islam, Head of Secure Design (Project), The Department for Work and Pensions (DWP) UK said: "There are challenges in employers finding talent with relevant knowledge, exposure and experience within our industry. Employers should pick two out of three areas, and allow the talent to develop the third. It is important to take advantage of candidates with knowledge and experience and trust them in their respective skill set to deliver to their maximum potential."

About the Center for Cyber Safety
and Education The
Center for Cyber Safety and Education (The Center), formerly the (ISC)²
Foundation, is a nonprofit charitable trust committed to making the cyber world
a safer place for everyone. The Center works to ensure that people across the
globe have a positive and safe experience online through their educational
programs, scholarships and research. Visit www.iamcybersafe.org.

About
(ISC)²®

(ISC)² is an international nonprofit membership association focused on
inspiring a safe and secure cyber world. Best known for the acclaimed Certified
Information Systems Security Professional (CISSP®) certification,
(ISC)² offers a portfolio of credentials that are part of a holistic,
programmatic approach to security. Our membership, over 120,000 strong, is made
up of certified cyber, information, software and infrastructure security
professionals who are making a difference and helping to advance the industry.
Our vision is supported by our commitment to educate and reach the public
through our charitable foundation – The Center for Cyber Safety and Education. Visitwww.isc2.org.

Social Media

All contents of this site constitute the property of (ISC)², Inc. and may not be copied, reproduced or distributed without prior written permission. (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered certification marks of (ISC)², Inc.